By Richard Bejtlich, Principal Security Strategist, Corelight When we think about using Corelight data, our mental models often fixate on finding evidence of suspicious and malicious activity. This makes sense, as network security monitoring data generated by Corelight and Zeek combines the granularity of high-fidelity traffic evidence with the compact features of storage-friendly data. However, […]
Tag Archives: network visibility
First, Do No Harm
By Richard Bejtlich, Principal Security Strategist, Corelight When we hear the phrase “first, do no harm,” most of us think of the Hippocratic Oath and its guidance for physicians. I was surprised to learn that the phrase as translated does not actually appear in the Greek, and that the origins are more modern, dating from the […]
How Bro logs gave one company better DNS traffic visibility than their DNS servers
By Howard Samuels, Director of Sales Engineering at Corelight Bro provides enriched network visibility for top organizations around the world, and there are many use cases for Bro logs. The security field uses Bro data for incident response and cyber threat hunting. But Bro log use cases don’t always have to involve finding bad actors, […]
Another cool thing about Bro: tracking files!
By Vincent Stoffer, Director of Customer Solutions at Corelight You probably know that Bro generates real-time data about network flows, highly valued by threat hunters & incident responders around the world. But Bro can do a lot more, and in this blog series, we’ll highlight lesser-known features from time to time. Today: tracking files! First […]